Category: Identity

Can technology/ intelligent machine replace the human touch? While a machine can perform a given task, often more efficiently than we can, what it lacks is the creativity in the activity, a uniquely human ability to cater to the needs of the individual. What is creativity? What are the needs of the individual? Even if a machine could determine an appropriate plan humans will still want to interact with another who has the creative expertise/ experiences to talk us through, one who understands that creativity in that context.

How much of this effect is real, how much of it is specific to our generation? Will the next generation or future generations after have the same distrust and longing for such “human” touch? Especially digital natives who grew up with the internet and social media as part of their everyday world.

Technologies of the industrial revolution (steam power and machinery) – largely complemented human capabilities. The great question of our current time is whether digital technology will complement or instead replace human capabilities…can digital technology replace human capabilities especially the understanding and judgement – let alone the empathy – requires to successfuly deliver services such as social care; or that lead us to enjoy and value interacting with each other rather than with machines.

Faster isn’t wiser: Intelligence is defined in terms of the ability to acquire and apply knowledge and skills, but what is often missing is the act of taking decisions base on the ability to choose objectives or hold values that shape it.

Values are experience, not data: As we use increasingly powerful computers to create more and more sophisticated logical systems, we may succeed in making systems resemble human thinking, but there will always be situations that can only be resolved by humans employing judgement based on values that we can empathise with, based in turn on experiences that we can relate to.

Artificial life, experience, values:

Intelligent machines can make choices based on data available to them but this is very different than a judgement based on values that emerge from our experience of life.

Currently there is an intense discussion about personal data and ownership. Although the assumption of exposing data is inherently dangerous, the opposite may be true as well. The key question focusses more on access control to manage data exposure in order to avoid risks while still getting the benefits. Or maybe it is more about establishing broad ethical standards as data availability is neither good or bad on its own – the way it is used makes the difference.

Let’s look at some use cases which illustrate the challenge. Let’s assume you feel an unusual pressure in your chest and decide to visit a doctor. He does an electrocardiogram (ECG) which looks normal. What does this mean – although it maybe normal in relation to a statistical sample but may be very unusual for you. The doctor does not have the necessary data to determine this.

Let’s assume now that you have a wearable which collects data of key body functions on an ongoing base. Many others do this as well and the gathered data can be analysed leading to algorithms which can detect anomalies like an indication of an increased risk of a heart attack on a personal level. Your data is now used in two ways – to build up the algorithm and to detect health issues for you. Please note that just doing some data gathering when you feel bad has not the same effect. The power comes from the availability of longer term data.

Let’s now assume that the new way to identify potential heart attacks reduces the perspective costs substantially. Especially in the long-term, trends and indicators can be used to influence the behavior e.g. towards more physical activity.

The data gathered could also be used to derive further information which could be used for unethical purposes.

You might say that it is always possible to switch data gathering on and off – depending on the type of data such ‘white spots’ may finally be problematic and will not help to better protect privacy. If gathering data is the norm, then switching it off could easily seen as an indicator that somebody tries to hide something may actually attract attention.

Such data could be pseudonomized – but needs to have some sort of tag to allow correlations to power the analytics or it may even by identifying itself like the ECG which is also being used for authentication.

There are many such examples – if you share your GPS position, somebody may take advantage that you are far away from home or use the data to rescue you after an accident.

I think that collecting data will be the norm. Protecting data will be key – but even more important is the need to establish ethical standards on how to deal with such data and information derived from it.

Digital technology encourages the dissemination of knowledge and know-how. Its ability to influence socio-economic structures also means it confers power and a competitive edge on those who design its applications over those who merely use them. Ethics, a form of critical thinking on social structures and traditions shaping the lives of societies. Aim at questioning moral biases and opening new choices. Digital libraries belong to an emerging digital culture. New questions concerning production, collection, classification, and dissemination of knowledge arise. How is the integrity, validity, and sustainability of these digital collections guaranteed?

Information technology is now ubiquitous (Ubiquitous Computing) in the lives of people across the globe. These technologies take many forms such as personal computers, smart phones, the internet, web and mobile phone applications, digital assistants, and cloud computing. In fact the list is growing constantly and new forms of these technologies are working their way into every aspect of daily life. Have we allowed the digital medium to grow chaotically and carelessly, lowering our guard against the deterioration and pollution of our infosphere. Is it due to the desire and reflection of only what we wanted – entertainment, cheaper goods, free news and gossip – and not the deeper understanding, dialogue or education that would have served us better.

During prior mediums of disseminating information (e.g. newspaper, physical mediums) there was concerned with maintaining standards, adherence to accuracy and an informed public debate. We now have the same problem with online misinformation. These kinds of digital, ethical problems represent a defining challenge of the 21st century. They include breaches of privacy, of security and safety, of ownership and intellectual property rights, of trust, of fundamental human rights, as well as the possibility of exploitation, discrimination, inequality, manipulation, propaganda, populism, racism, violence and hate speech. A lack of proactive ethics foresight thwarts decision-making, undermines management practices and damages strategies for digital innovation. The near instantaneous spread of digital information means that some of the costs of misinformation may be hard to reverse, especially when confidence and trust are undermined (Emotional Trust in an Hyperconnected world).

How do we establishtrust through credibility, transparency and accountability – and a high degree of patience, coordination and determination. Will this be fulfilled with an ethical infosphere to save the world and ourselves from ourselves?

All three aspects levitates a shift towards a distributed decentralized financial system. This affects the core and challenges legacy status quo and its existence in the future.

In addition fueled by the increasing tokenization and availability of blockchain based systems there will be a shift towards

Mobile Payments

Holistic mobile wallets

Global Solutions

There will be no other options for incumbents to integrate into the evolving mesh than to provide API’s to access information and services and to start to rely on others to provide crucial information. Self contained and closed financial services companies as well as local solutions will increasingly face headwinds.

Open Banking / API’s

Global solutions

Last but not least – user interfaces will become much more natural and transparent. The users will be amplified with new sense and access to information supported by intelligent agents.

Regulators will start to come up to speed with the changes. They will find ways to agree with business changes but also ethical standards across borders acknowledging the global nature of digital eco systems. A big challenge will be on the very old tax systems which are not ready yet for the shaping economy.

Tax System

These changes are fundamental – there is a ongoing paradigm change where inherent distributed digital approaches start to outperform the automated legacy processes. There are two big dangers out there

Many of the current developments seem to turn time back and bring up systems again which were used in the past but difficult to apply as physical distance was a limiting factor. Digital changes this – the world becomes some sort of a global village. Have a look at Yap, The Island Of Stone Money – the first productive blockchain system.

“Making me think” is one of the biggest compliments you can obtain from me. We are used to continue our habits and patterns and it takes great effort to escape from them.

As a child I was always inquisitive and full of questions – although some are not so challenging but when in doubt we try to understand and learn by asking lots of questions. Over time we perceived to think that we have asked all important ones with all the answers ready. Thus the creation of “our box.”

Asking questions is a way of getting in and out of your box at will and to develop new concepts, thoughts and ideas. Asking yourself (and others) many questions every time is a form of gym to workout your brain. Martin Gaedt explores this in “Rock your ideas” (available in German only). Look around and start to challenge yourself and others – rock your ideas!

How will Artificial Intelligence affect crime, war, justice, jobs, society and our very sense of being human? Max Tegmark provides a fascinating perspective into different forms of life, its evolution and physical limits in Life 3.0. The book defines basic terms like intelligence and busts common myths. Max raises many questions, provides answers and stresses the importance of having accepted ethical standards in the rise of AI.

What is happiness? Is there a formula to become happier? What are the parameters and how can the outcome be optimized? Solve for Happy by Mo Gawdat takes an engineers perspective.

Can humans overcome death? Should they? Homo Deus by Yuval Noah Harari looks into a world where more people die from eating too much then from having nothing to eat and where more people commit suicide then there are victims of soldiers, terrorists and criminals together.

What is important? What is true? Is it important, that it is true? Gunter Dueck explores these questions in his book Flachsinn: Ich habe Hirn, ich will hier raus. The book is available in German only. How can one escape from the growing shallowness? Maybe by listening to these books and by challenging yourself …

The publications above made me think … What books made you think? How have they influence “your box”?

A good time to “workout” our brain and reflect on “our box” during the holiday season.

Before we explain what is self sovereign digital identity, let us first define identity, then elaborate on digital identity which inherently leads to the final form of digital identity management where each user controls their own digital identity.

Identity is a uniquely human concept. It is that ineffable “I” of self-consciousness.

We all have a Social identity – the qualities, beliefs, personality, looks and/or expressions that make us a person

But how do we proof our identity when interacting with others? Lets look at an example:

You interact with a person who claims to be John Smith and wants to do some transactions with you. John gives you his passport (or a in some countries his driver’s license) as a proof of his identity claim. You attest John’s claim by looking at the passport, determining whether that it is authentic and then comparing attributes captured in the passport with the person in front of you.

This process includes the following concepts:

claim – a claim that an actor would like to consider true

proof(s)- evidence that something is true, often based on a trusted certificate

attestation – verification by an independent party that a claim is true

You may now create a record in your system with a customer identifier, a copy of the passport and additional attributes such as address, date of birth by further verification either through utility bills or other formalized evidences. This record is a digital identity and represents relevant aspects of the social identity and is now the basis for your business interactions with John.

This may all sound simple and rather straight forward, but

Attestation is typically a manual process where unstructured data is captured and verified against the available proofs which must be collected and stored

Only a subset of the captured information is constant. The captured attributes may get out of sync with reality

The presented proofs may be faked, and the quality of the attestation depends on your skills to identify such issues

Wherever John wants to have additional interactions, a similar process is required leading to the creation and attestation of another digital identity

Whenever information changes, John must provide updates to all relevant parties

John has no control what happens with his data and who is accessing it

Juridical persons and things can also have a digital identity – however in this post, we will continue to only focus on natural persons and look at ways such digital identities can be managed.

Digital Identity Management started with centrally managed approaches. The authority, of such approach, that manages the digital identity data becomes the guardian and qualifies the digital identities. As networks evolved, federated approaches were adopted where multiple authorities jointly manage digital identities. User-centric identity is expanding where a user has more control over his digital identity and decides whether to share an identity from one service to another. Such sharing capability is based on standards like OpenID (2005), OpenID 2.0 (2006), OpenID Connect (2014), OAuth (2010), and FIDO (2013). It’s important to note that all these approaches are centralised but the user has more influence as to how the information is shared.

The concept behind self-sovereign digital identity is to give the user full control over his/her digital identity. It is a distributed identity management approach where a person creates a unique identifier for their digital identity, places claims and asks others in the network to perform attestation. Claims and attestations can be secured using cryptography with the public and private keys of the involved parties.

An actor can encrypt a claim with his private key

The actor can use the public key of the attestation authority to keep attestation private

The attestation authority can decrypt the message with its private and the users public key

The attestation authority can verify the presented proof and sign if using its own private key

The attestation is then sent securely back to the user

The user now has an attribute with a digitally secured attestation and with proof of a verified authority claim(s). Over time network of users builds up, where identities are maintained and trusted through attestation of proofs given by others in the network. Attestation authorities can be official authorities, organizations and other users. The quality of an identity in such a system depends on the quality of the involved authorities. Ideally this approach will introduce a single user-managed digital identity which can be used in the network when required and becomes the core of the genuine digital self (please see Be your digital self)

Christopher Allen has defined ten principles to ensure the user control that’s at the heart of self-sovereign identity

Existence – users must have an independent existence

Control – users must control their identities

Access – Users must have access to their own data

Transparency – Systems and algorithms must be transparent

Persistence – Identities must be long-lived, ideally last forever

Portability- Information and services about identity must be transportable

Interoperability – Identities should be as widely usable as possible

Consent – Users must agree to the use of their identity

Minimalization- Disclosure of claims must be minimized

Protection – the rights of users must be protected

It is important that the private keys need to be well protected as they grant full control of the digital identity.

So far, this post discusses the creation of a digital identity. In a future post we will look at how do we bridge between the real and the digital world. How can a system verify the user is who they claim to be?

Conclusion

As the world becomes hyperconnected (please see “No ‘OFF’ Switch“), digital identity and security will continuously gain importance. As there will be, in the foreseeable future, no worldwide authority to manage digital identities, the world will converge towards a self-sovereign identity system where users own their data and various actors perform attestation in a mutual way. The system, in its nature, follows paradigms of earlier times where trust was the result of a social network. The introduction of Digital changes the proximity requirements allowing applicability of such system on a global scale.